Brocade Communications Systems Brocade ICX 6650 User Manual

Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Remote access to management function restrictions
Brocade(config)# telnet server enable vlan 10
The command in this example configures the device to allow Telnet management access only to 
clients connected to ports within port-based VLAN 10. Clients connected to ports that are not in 
VLAN 10 are denied management access.
Syntax: [no] telnet server enable vlan vlan-id
Restricting SNMP access to a specific VLAN
To allow SNMP access only to clients in a specific VLAN, enter a command such as the following.
Brocade(config)# snmp-server enable vlan 40
The command in this example configures the device to allow SNMP access only to clients 
connected to ports within port-based VLAN 40. Clients connected to ports that are not in VLAN 40 
are denied access.
Syntax: [no] snmp-server enable vlan vlan-id
Restricting TFTP access to a specific VLAN
To allow TFTP access only to clients in a specific VLAN, enter a command such as the following.
Brocade(config)# tftp client enable vlan 40
The command in this example configures the device to allow TFTP access only to clients connected 
to ports within port-based VLAN 40. Clients connected to ports that are not in VLAN 40 are denied 
access.
Syntax: [no] tftp client enable vlan vlan-id
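The following is an added example, not part of the Brocade guide: a small Python audit that reads saved configuration text and reports which of the three services above (Telnet, SNMP, TFTP) are not restricted to the expected management VLAN. The function names, the short service labels and the sample configuration are assumptions made for this example; only the command syntax comes from this page.

```python
import re

# Command keywords exactly as shown on this page; the short names are labels for this example.
COMMANDS = {"telnet server": "telnet", "snmp-server": "snmp", "tftp client": "tftp"}
RULE = re.compile(
    r"^(?P<no>no\s+)?(?P<cmd>telnet server|snmp-server|tftp client)"
    r"\s+enable\s+vlan\s+(?P<vlan>\d+)$"
)
PROMPT = re.compile(r"^\S+\(config\)#\s*")  # tolerate pasted CLI lines such as "Brocade(config)# ..."

# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """\
!
telnet server enable vlan 10
snmp-server enable vlan 40
Brocade(config)# tftp client enable vlan 40
no tftp client enable vlan 40
!
"""

def management_vlans(config_text):
    """Map each service to the sorted VLAN IDs its access is restricted to."""
    vlans = {name: set() for name in COMMANDS.values()}
    for raw in config_text.splitlines():
        match = RULE.match(PROMPT.sub("", raw.strip()))
        if not match:
            continue
        service = COMMANDS[match.group("cmd")]
        vlan_id = int(match.group("vlan"))
        if match.group("no"):
            vlans[service].discard(vlan_id)  # the [no] form removes the restriction
        else:
            vlans[service].add(vlan_id)
    return {name: sorted(ids) for name, ids in vlans.items()}

def audit(config_text, mgmt_vlan):
    """Return findings for services open to all VLANs or tied to an unexpected VLAN."""
    findings = []
    for service, ids in management_vlans(config_text).items():
        if not ids:
            findings.append(f"{service}: not restricted to any VLAN")
        elif ids != [mgmt_vlan]:
            findings.append(f"{service}: restricted to VLAN {ids}, expected [{mgmt_vlan}]")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, mgmt_vlan=10):
        print(finding)
```
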
Designated VLAN for Telnet management sessions to a Layer 2 switch
Brocade ICX 6650 supports the creation of management VLANs. By default, the management IP 
address you configure on a Layer 2 switch applies globally to all the ports on the device. This is true 
even if you divide the device ports into multiple port-based VLANs.
If you want to restrict the IP management address to a specific port-based VLAN, you can make 
that VLAN the designated management VLAN for the device. When you configure a VLAN to be the 
designated management VLAN, the management IP address you configure on the device is 
associated only with the ports in the designated VLAN. To establish a Telnet management session 
with the device, you must access the device through one of the ports in the designated VLAN.
You also can configure up to five default gateways for the designated VLAN, and associate a metric 
with each one. The software uses the gateway with the lowest metric. The other gateways reside in 
the configuration but are not used. To use one of the other gateways, modify the configuration so 
that the gateway you want to use has the lowest metric. 
If more than one gateway has the lowest metric, the gateway that appears first in the running-config 
is used.